According to cyber forensics course specialists from the International Institute of Cyber Security (IICS) the services of virtual private networks (VPN) provided by some companies are vulnerable to security flaws that could allow an attacker to enter remotely into a company’s internal network.
The cybersecurity area of the Department of Homeland Security issued an alert after the publication of a CERT/CC report, a vulnerability disclosing center.
The report mentions that VPN applications from four different vendors (Pulse Secure, Cisco, F5 Networks, and Palo Alto Networks) erroneously store authentication tokens and session cookies on users’ devices.
It is worth mentioning that this VPN service is not like the one that is used regularly to hide our browsing, but it is implemented by a company IT staff to allow remote workers access to the network resources of the company.
According to the cyber forensics course experts, applications generate tokens from the password of each user and are stored on your computer to keep the user connected without having to enter your password again every time you enter. However, if these tokens are stolen by a threat actor, they can access the account of the committed user without having to get users’ access credentials.
In addition, if the attacker gains access to the compromised user’s computer in other ways (through malware, for example), it is possible to extract the tokens and use them to access the company’s networks with the same privileges as the victim, including company applications, systems and data.
The cyber forensics course expert mentioned that, until now, only Palo Alto Networks has confirmed that GlobalProtect, its enterprise VPN service, has some security vulnerabilities. The company has already launched an update for its users in Microsoft and Apple.
CERT specialists believe that many other VPN applications (maybe hundreds of these services) could present serious security flaws, although they note that further testing is needed to confirm this assumption.